LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Vulnerabilities (http://www.linuxquestions.org/questions/linux-security-4/vulnerabilities-741548/)

alxasamy 07-20-2009 09:29 PM

Vulnerabilities
 
Hi all,

I'm new at LQ. I recently joined a company and have been asked to manage a Linux box (RHEL 5), which is a web server (Apache2).

The PCI compliance scan for this web server indicates that Weak Supported SSL Cipher Suites and SSLv2 detection on ports 443, 465, 993, 995, 8443.

Another one is an unknown application on tcp port 1040.

Also there are many other issues being indicated in the report.

Thanks in advance for helping me to resolve the vulnerabilities.

Xavier.

unSpawn 07-21-2009 06:52 AM

Welcome to LQ. Hope you like it here.

Quote:

Originally Posted by alxasamy (Post 3614597)
I recently joined a company and have been asked to manage a Linux box (RHEL 5), which is a web server (Apache2).

Congratulations! If you haven't already, I should point out that RHEL comes with good administration documentation you should find the time to read.


Quote:

Originally Posted by alxasamy (Post 3614597)
The PCI compliance scan for this web server indicates that Weak Supported SSL Cipher Suites and SSLv2 detection on ports 443, 465, 993, 995, 8443.

There's two related directives in httpd.conf governing this: SSLProtocol and SSLCipherSuite. Example:
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
For more information see http://httpd.apache.org/docs/2.0/mod...sslciphersuite


Quote:

Originally Posted by alxasamy (Post 3614597)
Another one is an unknown application on tcp port 1040.

There's multiple ways to find out as root from running 'lsof -P -n -i :1040 to 'fuser -n 1040' to the lesser efficient 'netstat -anpe|grep 1040'.
Also see 'getent services 1040' for any existing service definitions.


Quote:

Originally Posted by alxasamy (Post 3614597)
Also there are many other issues being indicated in the report.

Please note that talking about errors or situations does not equal posting information about them (log lines, errors).

alxasamy 07-22-2009 10:45 AM

Thanks for the information Moderator.

I will try to get logs/errors/code in future posts.

unSpawn 07-22-2009 04:27 PM

You're welcome. Just attach logging if you got any now.

unSpawn 07-25-2009 06:51 AM

Because you have not posted any more vulnerabilities to look at (your "Also there are many other issues being indicated in the report." line) I take it your list is either exhausted or you do not want to discuss them here. Since configuring SSL in essence is a configuration task I have moved your posts and replies to its own thread in the Linux Software forum aptly called Please help with configuring SSL in Apache2.


All times are GMT -5. The time now is 12:59 PM.